castle-rb 5.0.0 → 6.0.0

data/lib/castle/errors.rb

@@ -20,6 +20,8 @@ module Castle
   class ConfigurationError < Castle::Error; end
   # error returned by api
   class ApiError < Castle::Error; end
+  # webhook signature verification error
+  class WebhookVerificationError < Castle::Error; end
 
   # api error bad request 400
   class BadRequestError < Castle::ApiError; end

data/lib/castle/events.rb

@@ -3,7 +3,7 @@
 module Castle
   # list of events based on https://docs.castle.io/api_reference/#list-of-recognized-events
   module Events
-    # Record when a user succesfully logs in.
+    # Record when a user successfully logs in.
     LOGIN_SUCCEEDED = '$login.succeeded'
     # Record when a user failed to log in.
     LOGIN_FAILED = '$login.failed'

data/lib/castle/failover/prepare_response.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Castle
+  module Failover
+    # generate failover authentication response
+    class PrepareResponse
+      def initialize(user_id, reason:, strategy: Castle.config.failover_strategy)
+        @strategy = strategy
+        @reason = reason
+        @user_id = user_id
+      end
+
+      def call
+        {
+          action: @strategy.to_s,
+          user_id: @user_id,
+          failover: true,
+          failover_reason: @reason
+        }
+      end
+    end
+  end
+end

data/lib/castle/failover/strategy.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Castle
+  module Failover
+    # handles failover strategy consts
+    module Strategy
+      # allow
+      ALLOW = :allow
+      # deny
+      DENY = :deny
+      # challenge
+      CHALLENGE = :challenge
+      # throw an error
+      THROW = :throw
+    end
+
+    # list of possible strategies
+    STRATEGIES = %i[allow deny challenge throw].freeze
+  end
+end

data/lib/castle/{extractors/headers.rb → headers/extract.rb}

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 module Castle
-  module Extractors
+  module Headers
     # used for extraction of cookies and headers from the request
-    class Headers
+    class Extract
       # Headers that we will never scrub, even if they land on the configuration denylist.
       ALWAYS_ALLOWLISTED = %w[User-Agent].freeze
 
@@ -13,9 +13,11 @@ module Castle
       private_constant :ALWAYS_ALLOWLISTED, :ALWAYS_DENYLISTED
 
       # @param headers [Hash]
-      def initialize(headers)
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+      def initialize(headers, config = Castle.config)
         @headers = headers
-        @no_allowlist = Castle.config.allowlisted.empty?
+        @config = config
+        @no_allowlist = config.allowlisted.empty?
       end
 
       # Serialize HTTP headers
@@ -35,8 +37,8 @@ module Castle
       def header_value(name, value)
         return true if ALWAYS_DENYLISTED.include?(name)
         return value if ALWAYS_ALLOWLISTED.include?(name)
-        return true if Castle.config.denylisted.include?(name)
-        return value if @no_allowlist || Castle.config.allowlisted.include?(name)
+        return true if @config.denylisted.include?(name)
+        return value if @no_allowlist || @config.allowlisted.include?(name)
 
         true
       end

data/lib/castle/headers/filter.rb

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+module Castle
+  module Headers
+    # used for preparing valuable headers list
+    class Filter
+      # headers filter
+      # HTTP_ - this is how Rack prefixes incoming HTTP headers
+      # CONTENT_LENGTH - for responses without Content-Length or Transfer-Encoding header
+      # REMOTE_ADDR - ip address header returned by web server
+      VALUABLE_HEADERS = /^
+      HTTP(?:_|-).*|
+        CONTENT(?:_|-)LENGTH|
+      REMOTE(?:_|-)ADDR
+      $/xi.freeze
+
+      private_constant :VALUABLE_HEADERS
+
+      # @param request [Rack::Request]
+      def initialize(request)
+        @request_env = request.env
+        @header_format = Castle::Headers::Format
+      end
+
+      # Serialize HTTP headers
+      # @return [Hash]
+      def call
+        @request_env.keys.each_with_object({}) do |header_name, acc|
+          next unless header_name.match(VALUABLE_HEADERS)
+
+          formatted_name = @header_format.call(header_name)
+          acc[formatted_name] = @request_env[header_name]
+        end
+      end
+    end
+  end
+end

data/lib/castle/headers/format.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Castle
+  module Headers
+    # formats header name
+    class Format
+      class << self
+        # @param header [String]
+        # @return [String]
+        def call(header)
+          format(header.to_s.gsub(/^HTTP(?:_|-)/i, ''))
+        end
+
+        private
+
+        # @param header [String]
+        # @return [String]
+        def format(header)
+          header.split(/_|-/).map(&:capitalize).join('-')
+        end
+      end
+    end
+  end
+end

data/lib/castle/{extractors/ip.rb → ip/extract.rb}

@@ -1,9 +1,9 @@
 # frozen_string_literal: true
 
 module Castle
-  module Extractors
+  module IP
     # used for extraction of ip from the request
-    class IP
+    class Extract
       # ordered list of ip headers for ip extraction
       DEFAULT = %w[X-Forwarded-For Remote-Addr].freeze
       # list of header which are used with proxy depth setting
@@ -12,12 +12,13 @@ module Castle
       private_constant :DEFAULT
 
       # @param headers [Hash]
-      def initialize(headers)
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+      def initialize(headers, config = Castle.config)
         @headers = headers
-        @ip_headers = Castle.config.ip_headers.empty? ? DEFAULT : Castle.config.ip_headers
-        @proxies = Castle.config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
-        @trust_proxy_chain = Castle.config.trust_proxy_chain
-        @trusted_proxy_depth = Castle.config.trusted_proxy_depth
+        @ip_headers = config.ip_headers.empty? ? DEFAULT : config.ip_headers
+        @proxies = config.trusted_proxies + Castle::Configuration::TRUSTED_PROXIES
+        @trust_proxy_chain = config.trust_proxy_chain
+        @trusted_proxy_depth = config.trusted_proxy_depth
       end
 
       # Order of headers:

data/lib/castle/logger.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Castle
+  # module for logger handling
+  module Logger
+    class << self
+      # @param message [String]
+      # @param data [String]
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+      def call(message, data = nil, config = Castle.config)
+        logger = config.logger
+
+        return unless logger
+
+        logger.info("[CASTLE] #{message} #{data}".strip)
+      end
+    end
+  end
+end

data/lib/castle/payload/prepare.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Castle
+  module Payload
+    # this prepare payload based on the request
+    module Prepare
+      class << self
+        # @param payload_options [Hash]
+        # @param request [Request]
+        # @param options [Hash] required for context preparation
+        # @return [Hash]
+        def call(payload_options, request, options = {})
+          context = Castle::Context::Prepare.call(request, payload_options.merge(options))
+
+          payload = Castle::Utils::DeepSymbolizeKeys.call(
+            payload_options || {}
+          ).merge(context: context)
+          payload[:timestamp] ||= Castle::Utils::GetTimestamp.call
+
+          warn '[DEPRECATION] use user_traits instead of traits key' if payload.key?(:traits)
+
+          payload
+        end
+      end
+    end
+  end
+end

data/lib/castle/secure_mode.rb

@@ -4,8 +4,12 @@ require 'openssl'
 
 module Castle
   module SecureMode
-    def self.signature(user_id)
-      OpenSSL::HMAC.hexdigest('sha256', Castle.config.api_secret, user_id.to_s)
+    class << self
+      # @param user_id [String]
+      # @param config [Castle::Configuration, Castle::SingletonConfiguration]
+      def signature(user_id, config = Castle.config)
+        OpenSSL::HMAC.hexdigest('sha256', config.api_secret, user_id.to_s)
+      end
     end
   end
 end

data/lib/castle/session.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Castle
+  # this module uses the Connection object
+  # and provides start method for persistent connection usage
+  # when there is a need of sending multiple requests at once
+  module Session
+    HTTPS_SCHEME = 'https'
+
+    class << self
+      def call(&block)
+        return unless block_given?
+
+        Castle::Core::GetConnection.call.start(&block)
+      end
+    end
+  end
+end

data/lib/castle/singleton_configuration.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'singleton'
+
+module Castle
+  class SingletonConfiguration < Configuration
+    include Singleton
+  end
+end

data/lib/castle/utils/clean_invalid_chars.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    module CleanInvalidChars
+      class << self
+        def call(arg)
+          case arg
+          when ::String
+            arg.encode('UTF-8', invalid: :replace, undef: :replace)
+          when ::Hash
+            arg.transform_values do |v|
+              Castle::Utils::CleanInvalidChars.call(v)
+            end
+          when ::Array
+            arg.map { |el| Castle::Utils::CleanInvalidChars.call(el) }
+          else
+            arg
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/clone.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Clones any object
+    class Clone
+      class << self
+        # Returns a cloned object of any type
+        def call(object)
+          Marshal.load(Marshal.dump(object))
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/deep_symbolize_keys.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    module DeepSymbolizeKeys
+      class << self
+        # Returns a new hash with all keys converted to symbols, as long as
+        # they respond to +to_sym+. This includes the keys from the root hash
+        # and from all nested hashes and arrays.
+        #
+        #   hash = { 'person' => { 'name' => 'Rob', 'age' => '28' } }
+        #
+        #   Castle::Hash.deep_symbolize_keys(hash)
+        #   # => {:person=>{:name=>"Rob", :age=>"28"}}
+        def call(object, &block)
+          case object
+          when Hash
+            object.each_with_object({}) do |(key, value), result|
+              result[key.to_sym] = Castle::Utils::DeepSymbolizeKeys.call(value, &block)
+            end
+          when Array
+            object.map { |e| Castle::Utils::DeepSymbolizeKeys.call(e, &block) }
+          else
+            object
+          end
+        end
+
+        def call!(object, &block)
+          case object
+          when Hash
+            object.each_key do |key|
+              value = object.delete(key)
+              object[key.to_sym] = Castle::Utils::DeepSymbolizeKeys.call!(value, &block)
+            end
+            object
+          when Array
+            object.map! { |e| Castle::Utils::DeepSymbolizeKeys.call!(e, &block) }
+          else
+            object
+          end
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/get_timestamp.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Generates a timestamp
+    class GetTimestamp
+      class << self
+        # Returns current time as ISO8601 formatted string
+        def call
+          Time.now.utc.iso8601(3)
+        end
+      end
+    end
+  end
+end

data/lib/castle/utils/{merger.rb → merge.rb}

@@ -2,10 +2,10 @@
 
 module Castle
   module Utils
-    class Merger
+    class Merge
       def self.call(base, extra)
-        base_s = Castle::Utils.deep_symbolize_keys(base)
-        extra_s = Castle::Utils.deep_symbolize_keys(extra)
+        base_s = Castle::Utils::DeepSymbolizeKeys.call(base)
+        extra_s = Castle::Utils::DeepSymbolizeKeys.call(extra)
 
         extra_s.each do |name, value|
           if value.nil?

data/lib/castle/utils/secure_compare.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Castle
+  module Utils
+    # Code borrowed from ActiveSupport
+    class SecureCompare
+      class << self
+        # @param str_a [String] first string to be compared
+        # @param str_b [String] second string to be compared
+        def call(str_a, str_b)
+          return false unless str_a.bytesize == str_b.bytesize
+
+          l = str_a.unpack "C#{str_a.bytesize}"
+
+          res = 0
+          str_b.each_byte { |byte| res |= byte ^ l.shift }
+          res.zero?
+        end
+      end
+    end
+  end
+end

data/lib/castle/validators/not_supported.rb

@@ -2,6 +2,7 @@
 
 module Castle
   module Validators
+    # Checks if required keys are supported
     class NotSupported
       class << self
         def call(options, keys)

data/lib/castle/validators/present.rb

@@ -2,6 +2,7 @@
 
 module Castle
   module Validators
+    # Checks if required keys are present
     class Present
       class << self
         def call(options, keys)